F5 Insert XForwarded For配置

一、应用场景：

 统一权限系统用户登录日志中登录IP一直显示10.122.6.70，而不是用户电脑的实际IP，

经查证该IP为F5负载均衡设备IP。登录IP一直显示F5设备IP原因为，网络组为统一权限

系统的虚拟IP配置连接池时http参数没有开启Insert XForwarded For服务导致。与网络

组沟通重新创建profile_http参数后问题得到解决（实际名称为tyqx_http）。

二、WEB配置

以下为创建Profiles配置：profile_http

　　在“Local Traffic→Profiles”页面点击“create”按钮：

　　①Name栏填写：profile_http（填一个英文名称）

　　②Parent Profile栏选择：HTTP

　　③Insert XForwarded For栏：如果需要，可以选中方框，选择Enable（在Header头中插入x-forwarded-for标记，以便做七层负载均衡时能够获取用户真实IP）。配置Insert XForwarded For后在连接池中http选择栏中选择tyqx_http，用户登录统一权限系统时，用户登录日志中登录IP即显示用户电脑的真实IP。

三、命令行配置

Configuring the BIG-IP system to insert the HTTP X-Forwarded-Proto header extension

You should consider using this procedure under the following condition:

• You use the BIG-IP system to terminate Secure Sockets Layer (SSL) for load-balanced HTTP servers that support the X-Forwarded Proto header extension.
• You want the HTTP servers to return URLs prefixed with HTTPS://.

When you configure the BIG-IP system to terminate SSL for HTTP servers that support the X-Forwarded-Proto header extension, you can ensure that the HTTP servers respond with HTTPS:// prefixed URLs. To utilize the X-Forwarded-Proto header extension, you can configure the BIG-IP system to insert an HTTP header named X-Forwarded-Proto: with a value of https into each request. To do so, perform one of the following procedures using either the Configuration utility or the TMOS Shell (tmsh).

Prerequisites

You must meet the following prerequisite to use this procedure:

• You have administrative access to the BIG-IP system.

Procedures

Using the Configuration utility to create a custom HTTP profile to insert the X-Forwarded-Proto:https HTTP header

To create a custom HTTP profile that inserts an HTTP header named X-Forwarded-Proto: with a value of https into each request, perform the following procedure:

Impact of procedure: Performing the following procedure should not have a negative impact on your system.

1. Log in to the Configuration utility.
2. Navigate to Local Traffic > Profiles > Services > HTTP.
3. Click Create.
4. In the Name box, type a name for the profile.
5. In the Parent Profile menu, select http.
6. For the Request Header Insert setting, select the custom check box.
7. In the Request Header Insert box, type the following:X-Forwarded-Proto:https
8. Click Finished.

Using tmsh to create a custom HTTP profile to insert the X-Forwarded-Proto:https HTTP header

To create a custom HTTP profile that inserts an HTTP header named X-Forwarded-Proto: with a value of https into each request, perform the following procedure:

Impact of procedure: Performing the following procedure should not have a negative impact on your system.

1. Log in to tmsh by typing the following command:tmsh
2. To create the custom HTTP profile, use the following command syntax:create /ltm profile http <http profile name> header-insert "X-Forwarded-Proto:https"

• In this command syntax, note the following:<http profile_name> is your desired HTTP profile name.

3. Save the configuration by typing the following command:save /sys config
4. To exit tmsh, type the following command:quit